Certificate Transfer Interface
- Canonical Telco
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/edge | 115 | 20 Apr 2025 |
juju deploy certificate-transfer-interface --channel edge
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
22.04
-
- Last updated
- Revision Library version 1.5
# Copyright 2024 Canonical Ltd.
# See LICENSE file for licensing details.
"""Library for the certificate_transfer relation.
This library contains the Requires and Provides classes for handling the
certificate-transfer interface.
## Getting Started
From a charm directory, fetch the library using `charmcraft`:
```shell
charmcraft fetch-lib charms.certificate_transfer_interface.v1.certificate_transfer
```
### Provider charm
The provider charm is the charm providing public certificates to another charm that requires them.
Example:
```python
from ops.charm import CharmBase, RelationJoinedEvent
from ops.main import main
from lib.charms.certificate_transfer_interface.v1.certificate_transfer import (
CertificateTransferProvides,
)
class DummyCertificateTransferProviderCharm(CharmBase):
def __init__(self, *args):
super().__init__(*args)
self.certificate_transfer = CertificateTransferProvides(self, "certificates")
self.framework.observe(
self.on.certificates_relation_joined, self._on_certificates_relation_joined
)
def _on_certificates_relation_joined(self, event: RelationJoinedEvent):
certificate = "my certificate"
self.certificate_transfer.add_certificates(certificate)
if __name__ == "__main__":
main(DummyCertificateTransferProviderCharm)
```
### Requirer charm
The requirer charm is the charm requiring certificates from another charm that provides them.
Example:
```python
import logging
from ops.charm import CharmBase
from ops.main import main
from lib.charms.certificate_transfer_interface.v1.certificate_transfer import (
CertificatesAvailableEvent,
CertificatesRemovedEvent,
CertificateTransferRequires,
)
class DummyCertificateTransferRequirerCharm(CharmBase):
def __init__(self, *args):
super().__init__(*args)
self.certificate_transfer = CertificateTransferRequires(self, "certificates")
self.framework.observe(
self.certificate_transfer.on.certificate_set_updated, self._on_certificates_available
)
self.framework.observe(
self.certificate_transfer.on.certificates_removed, self._on_certificates_removed
)
def _on_certificates_available(self, event: CertificatesAvailableEvent):
logging.info(event.certificates)
logging.info(event.relation_id)
def _on_certificates_removed(self, event: CertificatesRemovedEvent):
logging.info(event.relation_id)
if __name__ == "__main__":
main(DummyCertificateTransferRequirerCharm)
```
You can integrate both charms by running:
```bash
juju integrate <certificate_transfer provider charm> <certificate_transfer requirer charm>
```
"""
import json
import logging
from typing import List, MutableMapping, Optional, Set
from ops import (
CharmEvents,
EventBase,
EventSource,
Handle,
Relation,
RelationBrokenEvent,
RelationChangedEvent,
RelationCreatedEvent,
)
from ops.charm import CharmBase
from ops.framework import Object
from pydantic import BaseModel, ConfigDict, Field, ValidationError
# The unique Charmhub library identifier, never change it
LIBID = "3785165b24a743f2b0c60de52db25c8b"
# Increment this major API version when introducing breaking changes
LIBAPI = 1
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 5
logger = logging.getLogger(__name__)
PYDEPS = ["pydantic"]
class TLSCertificatesError(Exception):
"""Base class for custom errors raised by this library."""
class DataValidationError(TLSCertificatesError):
"""Raised when data validation fails."""
class DatabagModel(BaseModel):
"""Base databag model."""
model_config = ConfigDict(
# tolerate additional keys in databag
extra="ignore",
# Allow instantiating this class by field name (instead of forcing alias).
populate_by_name=True,
# Custom config key: whether to nest the whole datastructure (as json)
# under a field or spread it out at the toplevel.
_NEST_UNDER=None,
) # type: ignore
"""Pydantic config."""
@classmethod
def load(cls, databag: MutableMapping):
"""Load this model from a Juju databag."""
nest_under = cls.model_config.get("_NEST_UNDER")
if nest_under:
return cls.model_validate(json.loads(databag[nest_under]))
try:
data = {
k: json.loads(v)
for k, v in databag.items()
# Don't attempt to parse model-external values
if k in {(f.alias or n) for n, f in cls.model_fields.items()}
}
except json.JSONDecodeError as e:
msg = f"invalid databag contents: expecting json. {databag}"
logger.error(msg)
raise DataValidationError(msg) from e
try:
return cls.model_validate_json(json.dumps(data))
except ValidationError as e:
msg = f"failed to validate databag: {databag}"
logger.debug(msg, exc_info=True)
raise DataValidationError(msg) from e
def dump(self, databag: Optional[MutableMapping] = None, clear: bool = True):
"""Write the contents of this model to Juju databag.
Args:
databag: The databag to write to.
clear: Whether to clear the databag before writing.
Returns:
MutableMapping: The databag.
"""
if clear and databag:
databag.clear()
if databag is None:
databag = {}
nest_under = self.model_config.get("_NEST_UNDER")
if nest_under:
databag[nest_under] = self.model_dump_json(
by_alias=True,
# skip keys whose values are default
exclude_defaults=True,
)
return databag
dct = self.model_dump(mode="json", by_alias=True, exclude_defaults=False)
databag.update({k: json.dumps(v) for k, v in dct.items()})
return databag
class ProviderApplicationData(DatabagModel):
"""Provider App databag model."""
certificates: Set[str] = Field(
description="The set of certificates that will be transferred to a requirer",
default=set(),
)
version: int = Field(
description="Version of the interface used in this databag",
default=1,
)
class RequirerApplicationData(DatabagModel):
"""Requirer App databag model."""
version: int = Field(
description="Version of the interface supported by this requirer",
default=1,
)
class CertificateTransferProvides(Object):
"""Certificate Transfer provider class to be instantiated by charms sending certificates."""
def __init__(self, charm: CharmBase, relationship_name: str):
super().__init__(charm, relationship_name + "_v1")
self.charm = charm
self.relationship_name = relationship_name
def add_certificates(self, certificates: Set[str], relation_id: Optional[int] = None) -> None:
"""Add certificates from a set to relation data.
Adds certificate to all relations if relation_id is not provided.
Args:
certificates (Set[str]): A set of certificate strings in PEM format
relation_id (int): Juju relation ID
Returns:
None
"""
if not self.charm.unit.is_leader():
logger.warning("Only the leader unit can add certificates to this relation")
return
relations = self._get_relevant_relations(relation_id)
if not relations:
logger.error(
"At least 1 matching relation ID not found with the relation name '%s'",
self.relationship_name,
)
return
for relation in relations:
existing_data = self._get_relation_data(relation)
existing_data.update(certificates)
self._set_relation_data(relation, existing_data)
def remove_all_certificates(self, relation_id: Optional[int] = None) -> None:
"""Remove all certificates from relation data.
Removes all certificates from all relations if relation_id not given
Args:
relation_id (int): Relation ID
Returns:
None
"""
if not self.charm.unit.is_leader():
logger.warning("Only the leader unit can add certificates to this relation")
return
relations = self._get_relevant_relations(relation_id)
if not relations:
logger.error(
"At least 1 matching relation ID not found with the relation name '%s'",
self.relationship_name,
)
return
for relation in relations:
self._set_relation_data(relation, set())
def remove_certificate(
self,
certificate: str,
relation_id: Optional[int] = None,
) -> None:
"""Remove a given certificate from relation data.
Removes certificate from all relations if relation_id not given
Args:
certificate (str): Certificate in PEM format that's in the list
relation_id (int): Relation ID
Returns:
None
"""
if not self.charm.unit.is_leader():
logger.warning("Only the leader unit can add certificates to this relation")
return
relations = self._get_relevant_relations(relation_id)
if not relations:
logger.error(
"At least 1 matching relation ID not found with the relation name '%s'",
self.relationship_name,
)
return
for relation in relations:
existing_data = self._get_relation_data(relation)
existing_data.discard(certificate)
self._set_relation_data(relation, existing_data)
def _get_relevant_relations(self, relation_id: Optional[int] = None) -> List[Relation]:
"""Get the relevant relation if relation_id is given, all relations otherwise."""
if relation_id is not None:
relation = self.model.get_relation(
relation_name=self.relationship_name, relation_id=relation_id
)
if relation and relation.active:
return [relation]
return []
return list(self.model.relations[self.relationship_name])
def _set_relation_data(self, relation: Relation, data: Set[str]) -> None:
"""Set the given relation data."""
databag = relation.data[self.model.app]
ProviderApplicationData(certificates=data).dump(databag, False)
def _get_relation_data(self, relation: Relation) -> Set[str]:
"""Get the given relation data."""
databag = relation.data[self.model.app]
try:
return ProviderApplicationData().load(databag).certificates
except DataValidationError as e:
logger.error(
(
"Error parsing relation databag: %s. ",
"Make sure not to interact with the databags "
"except using the public methods in the provider library "
"and use version V1.",
),
e.args,
)
return set()
class CertificatesAvailableEvent(EventBase):
"""Charm Event triggered when the set of provided certificates is updated."""
def __init__(
self,
handle: Handle,
certificates: Set[str],
relation_id: int,
):
super().__init__(handle)
self.certificates = certificates
self.relation_id = relation_id
def snapshot(self) -> dict:
"""Return snapshot."""
return {
"certificates": self.certificates,
"relation_id": self.relation_id,
}
def restore(self, snapshot: dict):
"""Restores snapshot."""
self.certificates = snapshot["certificates"]
self.relation_id = snapshot["relation_id"]
class CertificatesRemovedEvent(EventBase):
"""Charm Event triggered when the set of provided certificates is removed."""
def __init__(self, handle: Handle, relation_id: int):
super().__init__(handle)
self.relation_id = relation_id
def snapshot(self) -> dict:
"""Return snapshot."""
return {"relation_id": self.relation_id}
def restore(self, snapshot: dict):
"""Restores snapshot."""
self.relation_id = snapshot["relation_id"]
class CertificateTransferRequirerCharmEvents(CharmEvents):
"""List of events that the Certificate Transfer requirer charm can leverage."""
certificate_set_updated = EventSource(CertificatesAvailableEvent)
certificates_removed = EventSource(CertificatesRemovedEvent)
class CertificateTransferRequires(Object):
"""Certificate transfer requirer class to be instantiated by charms expecting certificates."""
on = CertificateTransferRequirerCharmEvents() # type: ignore
def __init__(
self,
charm: CharmBase,
relationship_name: str,
):
"""Observe events related to the relation.
Args:
charm: Charm object
relationship_name: Juju relation name
"""
super().__init__(charm, relationship_name + "_v1")
self.relationship_name = relationship_name
self.charm = charm
self.framework.observe(
charm.on[relationship_name].relation_changed, self._on_relation_changed
)
self.framework.observe(
charm.on[relationship_name].relation_broken, self._on_relation_broken
)
self.framework.observe(
charm.on[relationship_name].relation_created, self._on_relation_created
)
def _on_relation_changed(self, event: RelationChangedEvent) -> None:
"""Emit certificate set updated event.
Args:
event: Juju event
Returns:
None
"""
remote_unit_relation_data = self.get_all_certificates(event.relation.id)
self.on.certificate_set_updated.emit(
certificates=remote_unit_relation_data,
relation_id=event.relation.id,
)
def _on_relation_broken(self, event: RelationBrokenEvent) -> None:
"""Handle relation broken event.
Args:
event: Juju event
Returns:
None
"""
self.on.certificates_removed.emit(relation_id=event.relation.id)
def _on_relation_created(self, event: RelationCreatedEvent) -> None:
"""Handle relation created event.
Args:
event: Juju event
Returns:
None
"""
if not self.model.unit.is_leader():
logger.debug("Only leader unit sets the version number in the app databag")
return
databag = event.relation.data[self.model.app]
RequirerApplicationData().dump(databag, False)
def get_all_certificates(self, relation_id: Optional[int] = None) -> Set[str]:
"""Get transferred certificates.
If no relation id is given, certificates from all relations will be
provided in a concatenated list.
Args:
relation_id: The id of the relation to get the certificates from.
"""
relations = self._get_relevant_relations(relation_id)
result = set()
for relation in relations:
data = self._get_relation_data(relation)
result = result.union(data)
return result
def is_ready(self, relation: Relation) -> bool:
"""Check if the relation is ready by checking that it has valid relation data."""
databag = relation.data[relation.app]
try:
ProviderApplicationData().load(databag)
return True
except DataValidationError:
return False
def _get_relation_data(self, relation: Relation) -> Set[str]:
"""Get the given relation data."""
databag = relation.data[relation.app]
try:
return ProviderApplicationData().load(databag).certificates
except DataValidationError as e:
logger.error(
(
"Error parsing relation databag: %s. ",
"Make sure not to interact with the databags "
"except using the public methods in the provider library "
"and use version V1.",
),
e.args,
)
return set()
def _get_relevant_relations(self, relation_id: Optional[int] = None) -> List[Relation]:
"""Get the relevant relation if relation_id is given, all relations otherwise."""
if relation_id is not None:
if relation := self.model.get_relation(
relation_name=self.relationship_name, relation_id=relation_id
):
return [relation]
return list(self.model.relations[self.relationship_name])
%27%20fill%3D%27%23E95420%27%3E%3Cpath%20d%3D%27m15.839%205.293-1.447-2.8a.136.136%200%200%200-.051-.055.144.144%200%200%200-.074-.02h-5.8a.143.143%200%200%200-.091.03.13.13%200%200%200-.034.17.138.138%200%200%200%20.072.06l7.251%202.8a.144.144%200%200%200%20.17-.054.13.13%200%200%200%20.007-.13l-.003-.001ZM11.839%204.945.073.223A.073.073%200%200%200%20.026.221a.07.07%200%200%200-.038.027.065.065%200%200%200%20.007.086l7.962%208.182a.069.069%200%200%200%20.049.022.072.072%200%200%200%20.047-.019l3.805-3.461a.066.066%200%200%200%20.02-.061.065.065%200%200%200-.014-.03.07.07%200%200%200-.028-.02l.003-.002ZM5.382%207.183a.071.071%200%200%200-.062-.022.07.07%200%200%200-.03.011.067.067%200%200%200-.023.025l-4.13%207.696a.065.065%200%200%200-.005.046.068.068%200%200%200%20.027.038.072.072%200%200%200%20.09-.006L7.13%209.18a.066.066%200%200%200%200-.087l-1.75-1.91Z%27%2F%3E%3C%2Fg%3E%3Cdefs%3E%3CclipPath%20id%3D%27a%27%3E%3Cpath%20fill%3D%27%23fff%27%20d%3D%27M0%200h15.83v15.21H0z%27%2F%3E%3C%2FclipPath%3E%3C%2Fdefs%3E%3C%2Fsvg%3E)
%27%20fill%3D%27%23E95420%27%3E%3Cpath%20d%3D%27M1.936%202.592c.668%200%201.21-.515%201.21-1.151S2.604.29%201.936.29C1.267.29.726.805.726%201.44c0%20.637.541%201.152%201.21%201.152ZM14.56.576H3.404a1.587%201.587%200%200%201%20.024%201.69l-.026.04h11.156a.56.56%200%200%200%20.386-.15.518.518%200%200%200%20.16-.369v-.692a.502.502%200%200%200-.16-.369.543.543%200%200%200-.386-.15ZM1.936%206.701c.668%200%201.21-.515%201.21-1.15%200-.637-.542-1.152-1.21-1.152-.669%200-1.21.515-1.21%201.151s.541%201.151%201.21%201.151ZM14.56%204.685H3.404a1.612%201.612%200%200%201%20.242%201.083c-.03.215-.105.421-.219.608l-.026.04h11.157a.56.56%200%200%200%20.386-.15.518.518%200%200%200%20.16-.37v-.692a.5.5%200%200%200-.16-.369.542.542%200%200%200-.386-.15ZM1.936%2010.81c.668%200%201.21-.515%201.21-1.15%200-.637-.542-1.152-1.21-1.152-.669%200-1.21.515-1.21%201.151s.541%201.151%201.21%201.151ZM14.56%208.795H3.404a1.611%201.611%200%200%201%20.243%201.082%201.581%201.581%200%200%201-.245.648h11.156a.559.559%200%200%200%20.386-.15.517.517%200%200%200%20.16-.37v-.692a.502.502%200%200%200-.16-.368.543.543%200%200%200-.386-.15ZM1.936%2014.92c.668%200%201.21-.515%201.21-1.15%200-.637-.542-1.152-1.21-1.152-.669%200-1.21.515-1.21%201.151s.541%201.151%201.21%201.151ZM14.56%2012.904H3.404a1.611%201.611%200%200%201%20.242%201.082%201.58%201.58%200%200%201-.219.608l-.026.04h11.157a.562.562%200%200%200%20.386-.15.517.517%200%200%200%20.16-.37v-.692a.5.5%200%200%200-.16-.369.543.543%200%200%200-.386-.15Z%27%2F%3E%3C%2Fg%3E%3Cdefs%3E%3CclipPath%20id%3D%27a%27%3E%3Cpath%20fill%3D%27%23fff%27%20d%3D%27M0%200h15.83v15.21H0z%27%2F%3E%3C%2FclipPath%3E%3C%2Fdefs%3E%3C%2Fsvg%3E)
%27%20fill%3D%27%23E95420%27%3E%3Cpath%20d%3D%27M9.618.272c-.634%200-1.243.243-1.691.674-.448.43-.7%201.015-.701%201.624v4.221a1.9%201.9%200%200%201%201.362%200v-4.22a.955.955%200%200%201%20.291-.72%201.067%201.067%200%200%201%201.479%200%20.955.955%200%200%201%20.29.719v.962h1.363V2.57c0-.61-.253-1.194-.702-1.625A2.445%202.445%200%200%200%209.618.272ZM9.017%208.433c0%20.21-.065.417-.187.593a1.102%201.102%200%200%201-.499.393c-.203.08-.426.102-.642.06a1.125%201.125%200%200%201-.568-.292%201.055%201.055%200%200%201-.304-.547%201.028%201.028%200%200%201%20.064-.616c.084-.195.226-.362.41-.479a1.143%201.143%200%200%201%201.401.133c.103.1.185.217.24.347.057.129.085.268.085.408ZM2.773%205.855c-.634.001-1.242.244-1.69.674C.633%206.96.381%207.545.38%208.154v4.082a1.901%201.901%200%200%201%201.363%200V8.154a.955.955%200%200%201%20.29-.719%201.067%201.067%200%200%201%201.479%200%20.955.955%200%200%201%20.29.719v.962h1.363v-.962c0-.61-.253-1.194-.702-1.625a2.444%202.444%200%200%200-1.69-.674ZM2.166%2013.878c0%20.21-.065.415-.186.59-.121.174-.294.31-.496.39-.202.08-.424.102-.638.06a1.119%201.119%200%200%201-.565-.29%201.049%201.049%200%200%201-.302-.543c-.043-.206-.02-.42.063-.614.084-.194.225-.36.407-.476a1.136%201.136%200%200%201%201.394.133%201.024%201.024%200%200%201%20.323.75Z%27%2F%3E%3Cpath%20d%3D%27M14.752%204.76a1.789%201.789%200%200%201-.681-.126v2.411a.972.972%200%200%201-.312.682c-.193.179-.45.28-.718.28-.268%200-.526-.101-.718-.28a.972.972%200%200%201-.312-.682V4.32h-1.363v2.726c0%20.61.252%201.195.7%201.626a2.443%202.443%200%200%200%201.692.673c.635%200%201.244-.242%201.692-.673.449-.431.7-1.016.7-1.626v-2.41a1.9%201.9%200%200%201-.68.125ZM15.858%202.822c.037.225%200%20.455-.107.658a1.1%201.1%200%200%201-.49.472%201.161%201.161%200%200%201-1.302-.198%201.04%201.04%200%200%201-.206-1.251%201.1%201.1%200%200%201%20.492-.47%201.161%201.161%200%200%201%201.299.199c.166.16.276.366.314.59ZM7.907%2010.2c-.233%200-.465-.042-.681-.126V12.6a.97.97%200%200%201-.302.7%201.05%201.05%200%200%201-.728.29%201.05%201.05%200%200%201-.728-.29.97.97%200%200%201-.302-.7V9.845H3.804V12.6c0%20.61.252%201.194.7%201.625a2.443%202.443%200%200%200%201.692.674c.634%200%201.243-.243%201.692-.674.448-.43.7-1.015.7-1.625v-2.526a1.887%201.887%200%200%201-.68.127Z%27%2F%3E%3C%2Fg%3E%3Cdefs%3E%3CclipPath%20id%3D%27a%27%3E%3Cpath%20fill%3D%27%23fff%27%20d%3D%27M0%200h15.83v15.21H0z%27%2F%3E%3C%2FclipPath%3E%3C%2Fdefs%3E%3C%2Fsvg%3E)